Overview
Money Transfer focuses on a transaction workflow in which the account references supplied in a request are not authorized tightly enough.
This lab applies insecure direct object reference (IDOR) to a high-risk financial action: transfer operations must verify account ownership before accepting the request.
Security Impact
IDOR in money movement can lead to unauthorized transfers, balance manipulation, fraud, and account compromise. This class of flaw can create direct financial loss and serious audit exposure.
Vulnerability Scope
Wallet apps, banking portals, payment dashboards, internal finance tools, and transaction APIs are exposed when account identifiers from the client drive money movement.
Lab Focus
The lab focuses on transaction authorization, object ownership in state-changing requests, and why financial workflows require server-side validation at every step.
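The ownership check described above, as an added example that is not code from the lab itself: a transfer handler that trusts the client-supplied source account next to one that authorizes it against the session user. The ledger layout, account ids, user names and function names are assumptions constructed for illustration.

```python
from decimal import Decimal, InvalidOperation

class TransferDenied(Exception):
    """Raised when a transfer request fails a server-side check."""

def new_ledger():
    # Constructed sample data: account id -> owner and balance.
    return {
        "ACC-1001": {"owner": "alice", "balance": Decimal("500.00")},
        "ACC-2002": {"owner": "bob", "balance": Decimal("300.00")},
    }

def transfer_unchecked(ledger, session_user, from_id, to_id, amount):
    # Flawed pattern the lab describes: the client-supplied from_id drives
    # the transfer and session_user is never compared with the account owner.
    amount = Decimal(amount)
    ledger[from_id]["balance"] -= amount
    ledger[to_id]["balance"] += amount
    return ledger[from_id]["balance"]

def transfer_checked(ledger, session_user, from_id, to_id, amount):
    # Corrected pattern: all checks run server-side before any state changes.
    src, dst = ledger.get(from_id), ledger.get(to_id)
    # One error for "missing" and "not yours", so responses do not reveal
    # which account ids exist.
    if src is None or src["owner"] != session_user:
        raise TransferDenied("source account not available to this user")
    if dst is None or from_id == to_id:
        raise TransferDenied("invalid destination account")
    try:
        amount = Decimal(str(amount))
    except InvalidOperation:
        raise TransferDenied("invalid amount")
    if not amount.is_finite() or amount <= 0 or amount > src["balance"]:
        raise TransferDenied("invalid amount or insufficient funds")
    src["balance"] -= amount
    dst["balance"] += amount
    return src["balance"]

def demo():
    # Same request against both handlers: bob's session names alice's account.
    weak, strict = new_ledger(), new_ledger()
    transfer_unchecked(weak, "bob", "ACC-1001", "ACC-2002", "100.00")
    try:
        transfer_checked(strict, "bob", "ACC-1001", "ACC-2002", "100.00")
        outcome = "accepted"
    except TransferDenied:
        outcome = "denied"
    return weak["ACC-1001"]["balance"], strict["ACC-1001"]["balance"], outcome
```

In a real service the session user comes from the authenticated session, never from the request body, and the check and both balance updates run inside one database transaction.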

